
Commit

Merge pull request #6785 from arestarh/azurerm_app_gw_ssl_cert_key_va…
…ult_doc

Changed: notes regarding configuring 'TLS termination with Key Vault …
tombuildsstuff committed May 6, 2020
2 parents e432fce + 093a62c commit 46a1cf3
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions website/docs/r/application_gateway.html.markdown
Expand Up @@ -398,6 +398,10 @@ A `ssl_certificate` block supports the following:

* `key_vault_secret_id` - (Optional) Secret Id of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for keyvault to use this feature. Required if `data` is not set.

-> **NOTE:** TLS termination with Key Vault certificates is limited to the [v2 SKUs](https://docs.microsoft.com/en-us/azure/application-gateway/key-vault-certs).

-> **NOTE:** For TLS termination with Key Vault certificates to work properly existing user-assigned managed identity, which Application Gateway uses to retrieve certificates from Key Vault, should be defined via `identity` block. Additionally, access policies in the Key Vault to allow the identity to be granted *get* access to the secret should be defined.

---

A `url_path_map` block supports the following:
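Review bot: The second NOTE (the one about the user-assigned managed identity) is hard to parse and words a hard requirement as a suggestion: it says "should be defined" twice while also saying this is needed for TLS termination "to work properly". Suggest something like: "For TLS termination with Key Vault certificates to work, an existing user-assigned managed identity, which Application Gateway uses to retrieve certificates from Key Vault, must be defined via the `identity` block, and a Key Vault access policy must grant that identity *get* access to the secret." Two smaller points on the same NOTE: `key_vault_secret_id` above accepts a `Secret` or a `Certificate` object, so it would help to state explicitly whether *get* on secrets is sufficient in both cases, and the NOTE could link to the `identity` block section of this page in the same way the first NOTE links to the v2 SKU documentation.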
